Skip to content

Commit

Permalink
Fixing type issues from pulling in master
Browse files Browse the repository at this point in the history
  • Loading branch information
jonathan-buttner committed Apr 27, 2021
1 parent eb26150 commit 3d4726d
Show file tree
Hide file tree
Showing 11 changed files with 81 additions and 53 deletions.
1 change: 1 addition & 0 deletions x-pack/plugins/cases/common/api/cases/user_actions.ts
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ const UserActionFieldTypeRt = rt.union([
rt.literal('status'),
rt.literal('settings'),
rt.literal('sub_case'),
rt.literal('owner'),
]);
const UserActionFieldRt = rt.array(UserActionFieldTypeRt);
const UserActionRt = rt.union([
Expand Down
16 changes: 8 additions & 8 deletions x-pack/plugins/cases/server/authorization/audit_logger.ts
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,8 @@
* 2.0.
*/

import { OperationDetails } from '.';
import { AuditLogger, EventCategory, EventOutcome } from '../../../security/server';
import { DATABASE_CATEGORY, ECS_OUTCOMES, OperationDetails } from '.';
import { AuditLogger } from '../../../security/server';

enum AuthorizationResult {
Unauthorized = 'Unauthorized',
Expand Down Expand Up @@ -51,9 +51,9 @@ export class AuthorizationAuditLogger {
message: `${username ?? 'unknown user'} ${message}`,
event: {
action: operation.action,
category: EventCategory.DATABASE,
type: operation.type,
outcome: EventOutcome.SUCCESS,
category: DATABASE_CATEGORY,
type: [operation.type],
outcome: ECS_OUTCOMES.success,
},
...(username != null && {
user: {
Expand Down Expand Up @@ -81,9 +81,9 @@ export class AuthorizationAuditLogger {
message: `${username ?? 'unknown user'} ${message}`,
event: {
action: operation.action,
category: EventCategory.DATABASE,
type: operation.type,
outcome: EventOutcome.FAILURE,
category: DATABASE_CATEGORY,
type: [operation.type],
outcome: ECS_OUTCOMES.failure,
},
// add the user information if we have it
...(username != null && {
Expand Down
57 changes: 39 additions & 18 deletions x-pack/plugins/cases/server/authorization/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
* 2.0.
*/

import { EventType } from '../../../security/server';
import { EcsEventCategory, EcsEventOutcome, EcsEventType } from 'kibana/server';
import {
CASE_COMMENT_SAVED_OBJECT,
CASE_CONFIGURE_SAVED_OBJECT,
Expand Down Expand Up @@ -41,85 +41,106 @@ const deleteVerbs: Verbs = {
past: 'deleted',
};

const eventTypes: Record<string, EcsEventType> = {
creation: 'creation',
deletion: 'deletion',
change: 'change',
access: 'access',
};

/**
* Database constant for ECS category for use for audit logging.
*/
export const DATABASE_CATEGORY: EcsEventCategory[] = ['database'];

/**
* ECS Outcomes for audit logging.
*/
export const ECS_OUTCOMES: Record<string, EcsEventOutcome> = {
failure: 'failure',
success: 'success',
unknown: 'unknown',
};

/**
* Definition of all APIs within the cases backend.
*/
export const Operations: Record<ReadOperations | WriteOperations, OperationDetails> = {
// case operations
[WriteOperations.CreateCase]: {
type: EventType.CREATION,
type: eventTypes.creation,
name: WriteOperations.CreateCase,
action: 'create-case',
verbs: createVerbs,
docType: 'case',
savedObjectType: CASE_SAVED_OBJECT,
},
[WriteOperations.DeleteCase]: {
type: EventType.DELETION,
type: eventTypes.deletion,
name: WriteOperations.DeleteCase,
action: 'delete-case',
verbs: deleteVerbs,
docType: 'case',
savedObjectType: CASE_SAVED_OBJECT,
},
[WriteOperations.UpdateCase]: {
type: EventType.CHANGE,
type: eventTypes.change,
name: WriteOperations.UpdateCase,
action: 'update-case',
verbs: updateVerbs,
docType: 'case',
savedObjectType: CASE_SAVED_OBJECT,
},
[WriteOperations.CreateConfiguration]: {
type: EventType.CREATION,
type: eventTypes.creation,
name: WriteOperations.CreateConfiguration,
action: 'create-configuration',
verbs: createVerbs,
docType: 'case configuration',
savedObjectType: CASE_CONFIGURE_SAVED_OBJECT,
},
[WriteOperations.UpdateConfiguration]: {
type: EventType.CHANGE,
type: eventTypes.change,
name: WriteOperations.UpdateConfiguration,
action: 'update-configuration',
verbs: updateVerbs,
docType: 'case configuration',
savedObjectType: CASE_CONFIGURE_SAVED_OBJECT,
},
[ReadOperations.FindConfigurations]: {
type: EventType.ACCESS,
type: eventTypes.access,
name: ReadOperations.FindConfigurations,
action: 'find-configurations',
verbs: accessVerbs,
docType: 'case configurations',
savedObjectType: CASE_CONFIGURE_SAVED_OBJECT,
},
[ReadOperations.GetCase]: {
type: EventType.ACCESS,
type: eventTypes.access,
name: ReadOperations.GetCase,
action: 'get-case',
verbs: accessVerbs,
docType: 'case',
savedObjectType: CASE_SAVED_OBJECT,
},
[ReadOperations.FindCases]: {
type: EventType.ACCESS,
type: eventTypes.access,
name: ReadOperations.FindCases,
action: 'find-cases',
verbs: accessVerbs,
docType: 'cases',
savedObjectType: CASE_SAVED_OBJECT,
},
[ReadOperations.GetTags]: {
type: EventType.ACCESS,
type: eventTypes.access,
name: ReadOperations.GetCase,
action: 'get-tags',
verbs: accessVerbs,
docType: 'case',
savedObjectType: CASE_SAVED_OBJECT,
},
[ReadOperations.GetReporters]: {
type: EventType.ACCESS,
type: eventTypes.access,
name: ReadOperations.GetReporters,
action: 'get-reporters',
verbs: accessVerbs,
Expand All @@ -128,55 +149,55 @@ export const Operations: Record<ReadOperations | WriteOperations, OperationDetai
},
// comments operations
[WriteOperations.CreateComment]: {
type: EventType.CREATION,
type: eventTypes.creation,
name: WriteOperations.CreateComment,
action: 'create-comment',
verbs: createVerbs,
docType: 'comments',
savedObjectType: CASE_COMMENT_SAVED_OBJECT,
},
[WriteOperations.DeleteAllComments]: {
type: EventType.DELETION,
type: eventTypes.deletion,
name: WriteOperations.DeleteAllComments,
action: 'delete-all-comments',
verbs: deleteVerbs,
docType: 'comments',
savedObjectType: CASE_COMMENT_SAVED_OBJECT,
},
[WriteOperations.DeleteComment]: {
type: EventType.DELETION,
type: eventTypes.deletion,
name: WriteOperations.DeleteComment,
action: 'delete-comment',
verbs: deleteVerbs,
docType: 'comments',
savedObjectType: CASE_COMMENT_SAVED_OBJECT,
},
[WriteOperations.UpdateComment]: {
type: EventType.CHANGE,
type: eventTypes.change,
name: WriteOperations.UpdateComment,
action: 'update-comments',
verbs: updateVerbs,
docType: 'comments',
savedObjectType: CASE_COMMENT_SAVED_OBJECT,
},
[ReadOperations.GetComment]: {
type: EventType.ACCESS,
type: eventTypes.access,
name: ReadOperations.GetComment,
action: 'get-comment',
verbs: accessVerbs,
docType: 'comments',
savedObjectType: CASE_COMMENT_SAVED_OBJECT,
},
[ReadOperations.GetAllComments]: {
type: EventType.ACCESS,
type: eventTypes.access,
name: ReadOperations.GetAllComments,
action: 'get-all-comment',
verbs: accessVerbs,
docType: 'comments',
savedObjectType: CASE_COMMENT_SAVED_OBJECT,
},
[ReadOperations.FindComments]: {
type: EventType.ACCESS,
type: eventTypes.access,
name: ReadOperations.FindComments,
action: 'find-comments',
verbs: accessVerbs,
Expand Down
23 changes: 14 additions & 9 deletions x-pack/plugins/cases/server/authorization/types.ts
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,8 @@
* 2.0.
*/

import { KibanaRequest } from 'kibana/server';
import { EcsEventType, KibanaRequest } from 'kibana/server';
import { KueryNode } from 'src/plugins/data/common';
import { EventType } from '../../../security/server';
import { Space } from '../../../spaces/server';

/**
Expand All @@ -21,11 +20,12 @@ export interface Verbs {

export type GetSpaceFn = (request: KibanaRequest) => Promise<Space | undefined>;

// TODO: we need to have an operation per entity route so I think we need to create a bunch like
// getCase, getComment, getSubCase etc for each, need to think of a clever way of creating them for all the routes easily?

// if you add a value here you'll likely also need to make changes here:
// x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/cases.ts
/**
* Read operations for the cases APIs.
*
* NOTE: If you add a value here you'll likely also need to make changes here:
* x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/cases.ts
*/
export enum ReadOperations {
GetCase = 'getCase',
FindCases = 'findCases',
Expand All @@ -37,7 +37,12 @@ export enum ReadOperations {
FindConfigurations = 'findConfigurations',
}

// TODO: comments
/**
* Write operations for the cases APIs.
*
* NOTE: If you add a value here you'll likely also need to make changes here:
* x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/cases.ts
*/
export enum WriteOperations {
CreateCase = 'createCase',
DeleteCase = 'deleteCase',
Expand All @@ -54,7 +59,7 @@ export enum WriteOperations {
* Defines the structure for a case API route.
*/
export interface OperationDetails {
type: EventType;
type: EcsEventType;
name: ReadOperations | WriteOperations;
action: string;
verbs: Verbs;
Expand Down
5 changes: 2 additions & 3 deletions x-pack/plugins/cases/server/client/cases/create.ts
Original file line number Diff line number Diff line change
Expand Up @@ -25,8 +25,7 @@ import { buildCaseUserActionItem } from '../../services/user_actions/helpers';
import { createAuditMsg, ensureAuthorized, getConnectorFromConfiguration } from '../utils';

import { createCaseError } from '../../common/error';
import { Operations } from '../../authorization';
import { EventOutcome } from '../../../../security/server';
import { ECS_OUTCOMES, Operations } from '../../authorization';
import { ENABLE_CASE_CONNECTOR } from '../../../common/constants';
import {
flattenCaseSavedObject,
Expand Down Expand Up @@ -86,7 +85,7 @@ export const create = async (
auditLogger?.log(
createAuditMsg({
operation: Operations.createCase,
outcome: EventOutcome.UNKNOWN,
outcome: ECS_OUTCOMES.unknown,
savedObjectID,
})
);
Expand Down
5 changes: 2 additions & 3 deletions x-pack/plugins/cases/server/client/cases/delete.ts
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,8 @@ import { CasesClientArgs } from '..';
import { createCaseError } from '../../common/error';
import { AttachmentService, CaseService } from '../../services';
import { buildCaseUserActionItem } from '../../services/user_actions/helpers';
import { Operations } from '../../authorization';
import { ECS_OUTCOMES, Operations } from '../../authorization';
import { createAuditMsg, ensureAuthorized } from '../utils';
import { EventOutcome } from '../../../../security/server';

async function deleteSubCases({
attachmentService,
Expand Down Expand Up @@ -93,7 +92,7 @@ export async function deleteCases(ids: string[], clientArgs: CasesClientArgs): P
auditLogger?.log(
createAuditMsg({
operation: Operations.deleteCase,
outcome: EventOutcome.UNKNOWN,
outcome: ECS_OUTCOMES.unknown,
savedObjectID,
})
);
Expand Down
7 changes: 3 additions & 4 deletions x-pack/plugins/cases/server/client/configure/client.ts
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,6 @@ import {
transformCaseConnectorToEsConnector,
transformESConnectorToCaseConnector,
} from '../../common';
import { EventOutcome } from '../../../../security/server';
import { CasesClientInternal } from '../client_internal';
import { CasesClientArgs } from '../types';
import { getFields } from './get_fields';
Expand All @@ -41,7 +40,7 @@ import { getMappings } from './get_mappings';
// eslint-disable-next-line @kbn/eslint/no-restricted-paths
import { FindActionResult } from '../../../../actions/server/types';
import { ActionType } from '../../../../actions/common';
import { Operations } from '../../authorization';
import { ECS_OUTCOMES, Operations } from '../../authorization';
import {
combineAuthorizedAndOwnerFilter,
createAuditMsg,
Expand Down Expand Up @@ -280,7 +279,7 @@ async function update(
auditLogger?.log(
createAuditMsg({
operation: Operations.updateConfiguration,
outcome: EventOutcome.UNKNOWN,
outcome: ECS_OUTCOMES.unknown,
savedObjectID: configuration.id,
})
);
Expand Down Expand Up @@ -430,7 +429,7 @@ async function create(
auditLogger?.log(
createAuditMsg({
operation: Operations.createConfiguration,
outcome: EventOutcome.UNKNOWN,
outcome: ECS_OUTCOMES.unknown,
savedObjectID,
})
);
Expand Down
Loading

0 comments on commit 3d4726d

Please sign in to comment.